![]() ![]() Additionally, users should also try to limit what they install to stay safe. If you’re downloading a browser extension, computer program, or app from the internet - even from what is believed to be a trusted source, as this case proves - you should always review what permissions you’re granting. In order to gain access to your passwords, Mega.nz explained that the malicious extension asks for elevated permissions, such as the ability to read and change data on all websites you visited, something that the legitimate version of the extension does not require or ask for. “You are only affected if you had the MEGA Chrome extension installed at the time of the incident, auto update enabled and you accepted the additional permission, or if you freshly installed version 3.39.4.” Users accessing the service by typing in the URL into the browser are not affected. ![]() “On 4 September 2018 at 14:30 UTC, an unknown attacker uploaded a trojaned version of MEGA’s Chrome extension, version 3.39.4, to the Google Chrome webstore,” Mega.nz said in a blog post. ![]() The passwords were sent to a Ukraine-based server. The malicious version of the browser extension was uploaded to the Chrome web store by hackers in an effort to gain access to user’s logins for sites such as Amazon, Google, GitHub, and Microsoft. Fitbit Versa 3Ĭloud storage service Mega.nz revealed that it was hacked on Tuesday, September 4, and users who had installed the service’s Chrome browser extension may have had their passwords to other internet services compromised. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |